Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tests failing on older YubiKeys #55

Closed
ericchiang opened this issue Apr 28, 2020 · 3 comments · Fixed by #59
Closed

Tests failing on older YubiKeys #55

ericchiang opened this issue Apr 28, 2020 · 3 comments · Fixed by #59

Comments

@ericchiang
Copy link
Collaborator

ericchiang commented Apr 28, 2020

Yubico Yubikey NEO OTP+U2F+CCID
Applet version: piv.version{major:0x1, minor:0x0, patch:0x4}

Logs

=== RUN   TestYubiKeySignECDSA                                                                        
    TestYubiKeySignECDSA: key_test.go:64: signing failed: command failed: smart card error 6982: security status not satisfied
--- FAIL: TestYubiKeySignECDSA (0.94s)                                                                                                                                                                      
=== RUN   TestPINPrompt                                                                                                                                                                                     
=== RUN   TestPINPrompt/Never            
    TestPINPrompt/Never: key_test.go:110: building private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestPINPrompt/Once                                                                          
    TestPINPrompt/Once: key_test.go:110: building private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestPINPrompt/Always                                                                        
    TestPINPrompt/Always: key_test.go:110: building private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestPINPrompt (2.01s)                                                                       
    --- FAIL: TestPINPrompt/Never (0.67s)     
    --- FAIL: TestPINPrompt/Once (0.67s)                                                                                                                                                                    
    --- FAIL: TestPINPrompt/Always (0.67s)                                                            
=== RUN   TestSlots                    
=== RUN   TestSlots/Authentication                                                                                                                                                                          
    TestSlots/Authentication: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound                                                                                      
    TestSlots/Authentication: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/Authentication: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestSlots/CardAuthentication                                                                                                                                                            
    TestSlots/CardAuthentication: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound
    TestSlots/CardAuthentication: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/CardAuthentication: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestSlots/KeyManagement                  
    TestSlots/KeyManagement: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound
    TestSlots/KeyManagement: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/KeyManagement: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestSlots/Signature         
    TestSlots/Signature: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound
    TestSlots/Signature: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/Signature: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestSlots (6.84s)                                                                           
    --- FAIL: TestSlots/Authentication (0.93s)                                                        
    --- FAIL: TestSlots/CardAuthentication (0.91s)
    --- FAIL: TestSlots/KeyManagement (0.91s)
    --- FAIL: TestSlots/Signature (0.91s)                                                             
=== RUN   TestYubiKeySignRSA          
=== RUN   TestYubiKeySignRSA/rsa1024  
    TestYubiKeySignRSA/rsa1024: key_test.go:249: signing failed: command failed: smart card error 6982: security status not satisfied
=== RUN   TestYubiKeySignRSA/rsa2048    
    TestYubiKeySignRSA/rsa2048: key_test.go:249: signing failed: command failed: smart card error 6982: security status not satisfied
--- FAIL: TestYubiKeySignRSA (19.47s)  
    --- FAIL: TestYubiKeySignRSA/rsa1024 (4.92s)
    --- FAIL: TestYubiKeySignRSA/rsa2048 (14.54s)
=== RUN   TestYubiKeyDecryptRSA       
=== RUN   TestYubiKeyDecryptRSA/rsa1024
    TestYubiKeyDecryptRSA/rsa1024: key_test.go:305: decryption failed: command failed: smart card error 6982: security status not satisfied
=== RUN   TestYubiKeyDecryptRSA/rsa2048  
    TestYubiKeyDecryptRSA/rsa2048: key_test.go:305: decryption failed: command failed: smart card error 6982: security status not satisfied
--- FAIL: TestYubiKeyDecryptRSA (36.03s)     
    --- FAIL: TestYubiKeyDecryptRSA/rsa1024 (4.67s) 
    --- FAIL: TestYubiKeyDecryptRSA/rsa2048 (31.36s)
=== RUN   TestYubiKeyAttestation      
    TestYubiKeyAttestation: key_test.go:325: getting attestation certificate: command failed: smart card error 6a82: data object or application not found
--- FAIL: TestYubiKeyAttestation (0.03s)
=== RUN   TestYubiKeyStoreCertificate              
--- PASS: TestYubiKeyStoreCertificate (3.54s)                                                         
=== RUN   TestYubiKeyGenerateKey                                                                      
=== RUN   TestYubiKeyGenerateKey/ec_256
=== RUN   TestYubiKeyGenerateKey/ec_384                                                                                                                                                                     
    TestYubiKeyGenerateKey/ec_384: key_test.go:462: generating key: command failed: smart card error 6a80: incorrect parameter in command data field
=== RUN   TestYubiKeyGenerateKey/rsa_1024
=== RUN   TestYubiKeyGenerateKey/rsa_2048     
--- FAIL: TestYubiKeyGenerateKey (20.94s)                                                             
    --- PASS: TestYubiKeyGenerateKey/ec_256 (0.67s) 
    --- FAIL: TestYubiKeyGenerateKey/ec_384 (0.07s)                                                   
    --- PASS: TestYubiKeyGenerateKey/rsa_1024 (5.02s)
    --- PASS: TestYubiKeyGenerateKey/rsa_2048 (15.18s)
=== RUN   TestYubiKeyPrivateKey               
    TestYubiKeyPrivateKey: key_test.go:492: getting private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestYubiKeyPrivateKey (3.36s)                                                               
=== RUN   TestYubiKeyPrivateKeyPINError
    TestYubiKeyPrivateKeyPINError: key_test.go:542: getting private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestYubiKeyPrivateKeyPINError (0.67s)                                                                                                                                                             
=== RUN   TestContextClose             
--- PASS: TestContextClose (0.00s)
=== RUN   TestContextListReaders                                                                                                                                                                  
--- PASS: TestContextListReaders (0.00s)
=== RUN   TestHandle                      
--- PASS: TestHandle (0.00s)                                                                          
=== RUN   TestTransaction                          
--- PASS: TestTransaction (0.00s)      
=== RUN   TestErrors                             
--- PASS: TestErrors (0.00s)
=== RUN   TestGetVersion              
--- PASS: TestGetVersion (0.02s)                                                                      
=== RUN   TestCards                   
--- PASS: TestCards (0.00s)                                                                           
=== RUN   TestNewYubiKey                                                                              
--- PASS: TestNewYubiKey (0.02s)                                                                      
=== RUN   TestMultipleConnections     
--- PASS: TestMultipleConnections (0.02s)
=== RUN   TestYubiKeySerial                                                                           
--- PASS: TestYubiKeySerial (0.05s)   
=== RUN   TestYubiKeyLoginNeeded      
    TestYubiKeyLoginNeeded: piv_test.go:140: expected no login needed
--- FAIL: TestYubiKeyLoginNeeded (0.07s)
=== RUN   TestYubiKeyPINRetries                                                                       
--- PASS: TestYubiKeyPINRetries (0.03s)
=== RUN   TestYubiKeyReset            
--- PASS: TestYubiKeyReset (3.26s)    
=== RUN   TestYubiKeyLogin            
--- PASS: TestYubiKeyLogin (0.05s)    
=== RUN   TestYubiKeyAuthenticate     
--- PASS: TestYubiKeyAuthenticate (0.07s)
=== RUN   TestYubiKeySetManagementKey 
--- PASS: TestYubiKeySetManagementKey (0.19s)
=== RUN   TestYubiKeyUnblockPIN       
--- PASS: TestYubiKeyUnblockPIN (0.20s)
=== RUN   TestYubiKeyChangePIN        
--- PASS: TestYubiKeyChangePIN (0.15s)        
=== RUN   TestYubiKeyChangePUK        
--- PASS: TestYubiKeyChangePUK (0.14s)             
=== RUN   TestChangeManagementKey                                                                     
--- PASS: TestChangeManagementKey (0.18s)                                                             
=== RUN   TestMetadata     
--- PASS: TestMetadata (3.43s)                                                                                                                                                                              
=== RUN   TestMetadataUnmarshal    
--- PASS: TestMetadataUnmarshal (0.00s)
=== RUN   TestMetadataMarshal                 
--- PASS: TestMetadataMarshal (0.00s)                                                                 
=== RUN   TestMetadataUpdate
--- PASS: TestMetadataUpdate (0.00s)                                                                  
=== RUN   TestMetadataAdditoinalFields
--- PASS: TestMetadataAdditoinalFields (0.00s)
FAIL                                          
FAIL    github.com/go-piv/piv-go/piv    102.041s   
FAIL          
@joneskoo
Copy link

Maybe #50 introduced this?

@joneskoo
Copy link

joneskoo commented May 10, 2020

https://developers.yubico.com/PIV/Introduction/PIV_attestation.html

This document describes the attestation feature added to the PIV module in YubiKey 4.3 and 5. For actual commands to work with the attestation feature, please see the yubico-piv-tool documentation.

Probably Yubikey 4.2.8 says "invalid instruction" for the get attestation command and that's why it's failing.

piv-go/piv/key.go

Lines 590 to 599 in 6bdd3b3

// Attempt to determine the key's PIN policy. This helps inform the
// strategy for when to prompt for a PIN.
cert, err := yk.Attest(slot)
if err != nil {
return nil, fmt.Errorf("get attestation cert: %v", err)
}
a, err := parseAttestation(cert)
if err != nil {
return nil, fmt.Errorf("parse attestation cert: %v", err)
}

@ericchiang
Copy link
Collaborator Author

Yep you're right :) Sent #59

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants